FIELD OF THE INVENTION

This invention relates to the field of image processing. More specifically, this invention 
relates to intentionally distorting the machine representation of biometrics and then using the
distorted biometrics in secure and privacy-preserving transaction processing. 



BACKGROUND OF THE INVENTION 

A biometric is a physical or behavioral characteristic of a person that can be used to
determine or authenticate a person's identity. Biometrics such as fingerprint impressions have
been used in law enforcement agencies for decades to identify criminals. More recently other
biometrics such as face, iris and signature are starting to be used to identify persons in many types
of transactions, such as check cashing and ATM use. An automated biometrics identification
system analyzes a biometrics signal using pattern recognition techniques and arrives at a decision
whether the query biometrics signal is already present in the database. An authentication system
tests whether the query biometrics is equal, or similar, to the stored biometrics associated with the
claimed identity. A generic automated biometrics system has three stages: (i) signal acquisition;
(ii) signal representation and (iii) pattern matching.

Authentication of a person is a fundamental task in many day to day activities. Several
well established processes such as possession of driver's license, passwords, ATM cards, PINs
and combinations thereof are used depending on the level of security needed by the application.
Transaction oriented systems such as bank ATMs, point-of-sale terminals in retail stores require
authentication tools for every transaction session. In a typical transaction, the client computer
(ATM machine, cash register) transmits the account details of the customer as read from his card
and the transaction details as entered by the clerk (or customer) to an authorization server. The
authorization server checks the validity of the account, the account balance, and credit limit then
approves or rejects the transaction. Approved credit card transactions result in payment from the
credit card banking agencies to the store; approved ATM withdrawal transactions result in
delivering cash. Except for the use of PINs (in ATMs and for debit cards) or a signature on the
credit card authorization slip in a store, there is very little done to authenticate the user.
Biometrics can play a significant role in such scenarios. For transactions such as the self-serve
purchase of gasoline, simply the possession of a credit card is often enough. There is no attempt
to determine that the card is used by the rightful owner.



PROBLEMS WITH THE PRIOR ART 

One of the impediments in advancing the use of biometric authentication in commercial 
transaction systems is the public's perception of invasion of privacy. Beyond private information 
such as name, date of birth and other parametric data like that, the user is asked to give images of
their body parts, such as fingers, faces and iris. These images, or other biometrics signals, will be
stored in digital form in databases in many cases. With this digital technology, it may be very easy 
to copy biometrics signals and use the data for other purposes. For example, hackers could snoop 
on communication channels and intercept biometrics signals and reuse them without the 
knowledge of the proper owner of the biometrics. Another concern is the possible sharing of
databases of biometrics signals with law enforcement agencies, or sharing of these databases 
among commercial organizations. The latter, of course, is a concern for any data gathered about 
customers. These privacy concerns can be summarized as follows: 

1. Much data about customers and customer behavior is stored. The public is concerned about
every bit of additional information that is known about them.

2. The public is, in general, suspicious of central storage of information that is associated with
individuals. This type of data ranges from medical records to biometrics. These databases can
be used and misused for all sorts of purposes, and the databases can be shared among
organizations.

3. The public is, rightfully or wrongfully so, worried about giving out biometrics because these
could be used for matching against databases used by law enforcement agencies. They could,
for example, be matched against the FBI or INS fingerprint databases to obtain criminal
records.

Hence, the transmission and storage of biometrics coupled with other personal parametric data is
a concern. The potential use of these biometrics for searching other databases is a further concern.

Many of these concerns are aggravated by the fact that a biometrics cannot be changed. 
One of the properties that make biometrics so attractive for authentication purposes, their 
invariance over time, is also one of the liabilities of biometrics. When a credit card number is
somehow compromised, the issuing bank can assign the customer a new credit card number. In 
general, when using artificial means, such an authentication problem can be easily fixed by 
canceling the compromised token and reissuing a new token to the user. When a biometrics is 
compromised, however, the user has very few options. In the case of fingerprints, the user has 
nine other options (his other fingers), but in the case of face or iris, the alternatives are quickly
exhausted or nonexistent. 

A further inconvenience of biometrics is that the same biometrics may be used for several,
unrelated applications. That is, the user may enroll for several different services using the same
biometrics: for building access, for computer login, for ATM use and so on. If the biometrics is
compromised in one application, the biometrics is essentially compromised for all of them and
somehow would need to be changed. 

Several items of prior art propose methods for revoking keys and other authentication 
tokens. Because the keys and certificates are machine generated, they are easy to revoke 
conceptually.

A prior art image morphing technique that creates intermediate images to be viewed serially
to make a source object metamorphose into a different object is disclosed in:

Stanley E. Sclaroff and Alex Pentland,
"Finite-element method for image alignment and morphing",
US Patent 5,590,261, Dec. 1996.

This reference is incorporated herein by reference in its entirety. 

US Patent 5,590,261 to Sclaroff and Pentland describes a finite element-based method to 
determine the intermediate images based on motion modes of embedded nodal points in the 
source and the target image. Embedded nodal points that correspond to feature points in the
images are represented by a generalized feature vector. Correspondence of feature points in the
source and target image are determined by closeness of points in the feature vector space. This 
technique is applied to the field of video production not biometrics, and focuses on a 
correspondence assignment technique that reduces the degree to which human intervention is 
required in morphing. Furthermore, for this technique to be applicable the source and the target
images must be known.

The following references are incorporated by reference in their entirety: 



Silvio Micali, "Certificate revocation system", US Patent 5,793,868, Aug. 1998.
Silvio Micali, "Certificate revocation system", US Patent 5,666,416, Sept. 1997.
YOR9-2000-0382 5 



Silvio Micali, "Witness-based certificate revocation system", US Patent 5,717,758, Feb. 1998.

US Patent 5,793,868 to S. Micali discloses certificate management involving a
certification authority (CA). Often when the key in a public key infrastructure has been
compromised, or the user is no longer a client of a particular CA, the certificate has to be
revoked. The CA periodically issues a certificate revocation list (CRL) which is very long and
needs to be broadcast to all. The disclosure proposes to generate a hash of at least a part of the
certificate. Minimal data identifying the certificate is added to the CRL if the data items are shared
by two or more revoked certificates. The proposed method thus optimizes the size of the CRL
hence lessening transmission time. US Patent 5,793,868 deals with machine generated certificates,
not signals of body parts. Furthermore, it is concerned with making the revocation process more
efficient rather than with making it possible at all.

US Patent number 5,666,416 to S. Micali deals with public key management without
explicitly providing any list of revoked certificates. A user can receive an individual piece of
information about any public key certificate. Methods are described to provide positive
information about the validity status of each not-yet expired certificate. In the proposed method,
the CA will provide certificate validity information without requiring a trusted directory. In
addition, it also describes schemes to prove that a certificate was never issued or even existed in a
CA. The techniques described here are only applicable to machine generated keys that are easily
canceled, not to biometrics.

US Patent number 5,717,758 to S. Micali further deals with a public key infrastructure. In
the proposed scheme, an intermediary provides certificate information by receiving authenticated
certificate information, then processing a portion of the authenticated information to obtain the
deduced information. If the deduced information is consistent with the authentication information,
a witness constructs the deduced information and authenticates the deduced information. The
main novelty of the disclosure is that it avoids transmission of long certificate revocation list
(CRL) to all users and handling of non-standard CRL is left to the intermediary. The method
addresses issues relevant to machine generated keys and their management, but not to biometrics
signals. And, again, the focus is on the privacy of certificates and the efficiency of revocation, not
on making revocation possible in the first place.

The following reference is incorporated by reference in its entirety:

R. J. Perlman and C. W. Kaufman,
"Method of issuance and revocation of certificate of authenticity used in public
key networks and other systems", US Patent 5,261,002, Nov. 1993.

US Patent 5,261,002 to Perlman and Kaufman describes a technique to issue and revoke
user certificates containing no expiration dates. The lack of expiration dates minimizes overhead
associated with routine renewals. The proposed method issues a signed list of invalid certificates
(referred to as a blacklist) containing a blacklist start date, a blacklist expiration date, and an entry
for each user whose certificate was issued after the black list start date but is invalid now. The
method describes revocation and issuance of machine generated certificates but does not address
the special properties of biometrics.

Standard cryptographic methods and biometric images or signals are combined in the 
following reference (incorporated by reference in its entirety): 

G. V. Piosenka and R. V. Chandos,

"Unforgeable personal identification system", 
US Patent 4,993,068, Feb. 1991. (Piosenka) 

US Patent 4,993,068 to Piosenka and Chandos deals with combining standard
cryptographic methods and biometric images or signals. The proposed scheme encrypts a set of
physically immutable identification credentials (e.g., biometrics) of a user and stores them on a
portable memory device. It uses modern public key or one-way cryptographic techniques to make
the set of credentials unforgeable. These credentials are stored in a credit-card sized portable
memory device for privacy. At a remote site, the user presents the physical biometrics (i.e. himself
or his body parts) and the portable memory card for comparison by a server. This technique,
though useful, is susceptible to standard attacks on the encryption scheme and can potentially
expose the biometrics if the encryption is broken. Furthermore, after decryption the true
biometrics signals are available to the server for possible comparison with other databases thus
lessening personal privacy.



The following reference is incorporated by reference in its entirety:

D. Naccache and P. Fremanteau,

"Unforgeable identification device, identification device reader and method 
of identification", US Patent 5,434,917, July 1995. 

US Patent 5,434,917 to Naccache and Fremanteau deals with designing an unforgeable 
memory card at an affordable price without the need to have a processor on the card. The plastic
support of the card is manufactured with randomly distributed ferrite particles. This unique
distribution of particles is combined with standard user identification information to create a
secure digital signature. The digital signature along with the owner ID is then stored on the card
(by use of a magnetic strip or similar means). The reader authenticates the user by reading the ID
and also sensing the ferrite particle distribution. It then checks that the stored digital signature is
the same signature as would be formed by combining the given ID and the observed particle
distribution. The unforgeable part of the technique is related to the random distribution of ferrite
particles in the plastic substrate during the fabrication process. The identification details of the
owner are not related to biometrics.

A software system called "Stirmark" to evaluate robustness of data hiding techniques is
described in:

A. P. Petitcolas and R. J. Anderson, "Evaluation of copyright marking systems", 
Proc. IEEE Multimedia Systems 99, Vol. 1, pp. 574-579, pp. 7-11, June 1999.

The system Stirmark of this reference applies minor, unnoticeable geometric distortions in
terms of slight stretches, shears, shifts, bends, and rotations. Stirmark also introduces high
frequency displacements, a modulated low frequency deviation, and smoothly distributed error
into samples for testing data hiding techniques. This disclosure is concerned with testing if a
watermark hidden in the signal can be recovered even after these unnoticeable distortions. This
system does not intentionally distort a signal in order to enhance privacy or to allow for
revocation of authorization.

This reference is herein incorporated by reference in its entirety. 



OBJECTS OF THE INVENTION 

An object of this invention is an improved system and method for using biometrics.

An object of this invention is an improved system and method of using a biometric with 
increased security. 

An object of this invention is an improved system and method of using a biometric that is 
cancelable. 

An object of this invention is an improved system and method of using a biometric with
improved privacy.



SUMMARY OF THE INVENTION

For many applications, user authentication is an important and essential component. 
Automated biometrics can provide accurate and non-repudiable authentication methods. In the 
digital world the same advantage comes with several serious disadvantages. The digital 
representation of a biometrics signal can be used for many applications unbeknownst to the
owner. Secondly, the signal can be easily transmitted to law enforcement agencies thus violating 
the users' privacy. We describe methods to overcome these problems employing signal scrambling 
and morphing techniques to intentionally distort the original biometrics signal so that no two 
installations share the same resulting signal. 

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 gives prior art examples of traditional biometrics. 

Figure 2A shows a prior art block diagram of an automated biometrics system for
authentication.

Figure 2B shows a prior art block diagram of an automated biometrics system for
identification.


Figure 3, comprised of Figures 3A and 3B, gives flow diagrams of the signal 
transformations, where: 

- Figure 3A shows a system where the biometric signal is first distorted and then the template is
extracted; and

- Figure 3B shows a system where a template is first extracted and then intentionally distorted.

Figure 4 is an example of a cancelable distortion of a voice biometrics where the voice
frequency content is intentionally distorted in the frequency domain.

Figure 5 is an example of a cancelable distortion of a voice biometrics where the voice
frequency content is intentionally scrambled in the time domain.

Figure 6 is an example of a cancelable distortion of a fingerprint biometrics where the
fingerprint flow pattern is transformed in the spatial domain.

Figure 6A shows the process of geometrically registering the authentication fingerprint in
order to place it in a canonical pose.

Figure 7 is an example of a cancelable distortion of a face biometrics where the face
appearance is transformed in the spatial domain.

Figure 7A shows the process of geometrically registering the authentication face image in
order to normalize it to a canonical pose and standard size.

Figure 8 is an example of a cancelable distortion of a biometrics point set in which a
non-invertible transformation is applied in the spatial domain, where the point set can be the set of
minutiae in a fingerprint image.

Figure 9 is another example of a cancelable distortion of a biometrics point set where the
point set is distorted by applying a spatially variant transformation to a partitioning grid.

Figure 10A is an example of a cancelable distortion of an iris biometric where the iris
image is transformed in the spatial domain by adjusting the angles in a polar coordinate system.

Figure 10B is another example of a cancelable distortion of an iris biometric where the iris
image is transformed in the spatial domain using the radius of a polar coordinate system.

Figure 11 is a cancelable distortion of a point set biometrics where the point set is directly
distorted by applying a non-invertible transformation of one of the coordinates where the point set
can be the set of minutiae of a fingerprint image.

Figure 12 is a cancelable distortion of a point set biometrics where the point set is
distorted through non-invertible transformations of both coordinates.

Figure 13 is a cancelable distortion of a point set biometrics where the point set is
distorted through a non-invertible transformation that maps the coordinates of the input point set
into a larger space.

Figure 14, comprised of Figure 14A and 14B, gives flow diagrams for using distorted
biometrics in a transaction processing system, where

- Figure 14A shows the process of selecting a distortion for a user and enrolling the user by 
storing the reference distorted biometric; and 

- Figure 14B shows the process of distorting a biometric signal in a prescribed way and then using 
it to authenticate a transaction. 



DETAILED DESCRIPTION OF THE INVENTION

The present invention introduces cancelable biometrics. Unlike traditional biometrics,
these biometrics can be changed when somehow compromised. A cancelable biometrics is a
transformation of the biometrics which results in an intentionally distorted representation of the same
format as the original biometrics. This distortion is repeatable in the sense that, irrespective of
variations in recording conditions of the original biometric, it generates the same (or very similar)
distorted biometric each time. If the distortion is constructed to be non-invertible then the original
biometric can never be derived from the cancelable biometric, thus ensuring extra privacy for the
user.

While data encryption and image compression might be considered distortion transforms,
the present invention is different from these prior art techniques. In encryption, the transmitted
signal is not useful in its raw form; it must be decrypted at the receiving end. Furthermore, all
encryption systems are, by design, based on invertible transforms and will not work with
noninvertible functions. With encryption systems, it would still be possible to share the signal
with other agencies without the knowledge of the owner. In compression, there exist lossy
methods which do not preserve all the details of the original signal. Such transforms are indeed
noninvertible. Depending on the exact method of compression, there are even some image
processing operations that can be performed directly on the compressed data. In general, however,
the data is decompressed before being used. And, unlike encryption, the method for doing this is
usually widely known and thus can be applied by any party. Moreover, the decompressed signal
is, by construction, very close to the original signal. Thus it can often be used directly in place of
the original signal so there is no security benefit to be gained by this transformation. Furthermore,
altering the parameters of the compression engine (to cancel a previous distortion) will result in a
decompressed signal which is still very similar to the original.

Traditional biometrics, such as fingerprints, have been used for (automatic) authentication 
and identification purposes for several decades. Signatures have been accepted as a legally binding 
proof of identity and automated signature authentication/verification methods have been available 
for at least 20 years.

Figure 1 gives examples of these biometrics. On the top-left, a signature 110 is shown and
on the top-right a fingerprint impression 130 is shown. The bottom-left shows a voice (print) 120, 
and the bottom-right an iris pattern 140. 



Biometrics can be used for automatic authentication or identification of a (human) subject. 
Typically, the subject is enrolled by offering a sample biometric when opening, say, a bank
account or subscribing to an internet service. From this sample biometric, a template is derived 
that is stored and used for matching purposes at the time the user wishes to access the account or 
service. A biometric more or less uniquely determines a person's identity. That is, given a 
biometric signal, the signal is either associated with one unique person or significantly narrows 
down the list of people with whom this biometric might be associated. Fingerprints are excellent
biometrics, since two people with the same fingerprints have never been found. On the other 
hand, biometric signals such as weight or shoe size are poor biometrics since these physical 
characteristics obviously have little discriminatory value. 

Biometrics can be divided up into behavioral biometrics and physiological biometrics.
Behavioral biometrics include signatures 110 (see Figure 1) and voice prints 120. Behavioral
biometrics depend on a person's physical and mental state and are subject to change, possibly
rapid change, over time. Physiological biometrics, on the other hand, are subject to much less
variability. For a fingerprint, the basic flow structure of ridges and valleys (cf. fingerprint 130 in
Figure 1) is essentially unchanged over a person's life span. Even if the ridges are abraded away,
they will regrow in the same pattern. An example of another physiological biometric is the circular
texture of a subject's iris, 140 in Figure 1. This is believed to be even less variable over a subject's
life span. To summarize, there exist behavioral biometrics (e.g., 110 and 120) which are under
control of the subjects to a certain extent, as opposed to physiological biometrics whose 
appearance cannot be influenced (the iris 140) or can be influenced very little (the fingerprint 
130). 

Refer now to Figure 2A. A typical, legacy prior-art automatic fingerprint authentication
system has a biometrics signal (say, a fingerprint image) as input 210 to the biometrics matching
system. This system consists of three other stages 215, 220 and 225, comprising: signal
processing 215 for feature extraction, template generation 220 based on the features, and
template matching 225. Along with the biometrics signal 210, an identifier 212 of the subject is
input to the matching system. During the template matching stage 225, the template associated
with this particular identifier is retrieved from some database of templates 230 indexed by
identities (identifiers). If there is a Match/No Match between the template extracted in stage 220
and the retrieved template from database 230, a corresponding 'Yes/No' 240 answer is the output
of the matching system. Matching is typically based on a similarity measure: if the measure is
significantly large, the answer is 'Yes,' otherwise the answer is 'No.' The following reference
describes examples of the state of the prior art:

N. K. Ratha, S. Chen and A. K. Jain,
"Adaptive flow orientation based feature extraction in fingerprint images",
Pattern Recognition, vol. 28, no. 11, pp. 1657-1672, Nov. 1995.

This reference is incorporated herein by reference in its entirety.

Note that system 200 is not limited to fingerprint authentication; this system architecture is
valid for any biometric. The biometric signal 210 that is input to the system can be acquired either
locally with the matching application on the client, or remotely with the matching application
running on some server. Hence architecture 200 applies to all types of biometrics and to both
networked and non-networked applications.

System 250 in Figure 2B is similar to system 200 in Figure 2A, but it is an identification
system instead of an authentication system. A typical, legacy prior-art automatic biometrics signal
identification system takes only a biometric signal 210 as input (Figure 2A). Again, the system
consists of three stages 215, 220 and 225, comprising: signal processing 215 for feature
extraction, template generation 220 based on the features, and template matching 225. During the
template matching stage 225, the extracted template is matched to all <template, identifier> pairs
stored in database 230. If there exists a good match between the template extracted in stage 220
and a template associated with some identity in database 230, this associated identity is output as
the result 255 of the identification system 250. If no match can be found in database 230, the
output identity 255 could be set to NIL. Again, the biometric signal 210 can be acquired either
locally on a client machine, or remotely with the matching application running on some server.
Hence architecture 250 applies equally to networked or non-networked applications.

Automated biometrics in essence amounts to signal processing of a biometrics signal 210
to extract features 215. A biometrics signal is some nearly unique characteristic of a person. A
feature is a subcharacteristic of the overall signal, such as a ridge bifurcation in a fingerprint or the
appearance of the left eye in a face image. Based on these features, a more compact template
representation is typically constructed 220. Such templates are used for matching or comparing
225 with other similarly acquired and processed biometric signals. In this invention we are
concerned with biometrics signals and biometrics templates but not with template matching. As
described below, it is the process of obtaining templates from biometrics signals that is slightly
different when cancelable biometrics are used.

Figure 3 gives flow diagrams of two different ways a cancelable biometric can be
constructed from a biometrics signal 210. In system 300 (Figure 3A), the biometrics is distorted
with transformation 310 to obtain a cancelable biometric 320. Signal processing for feature
extraction 330 is then used to obtain a template 340. As described previously, this template is a
compact machine representation which is used for matching purposes. By contrast, in system 350 
(Figure 3B) first feature extraction 360 (signal processing) is performed to produce a more 
compact representation. Next a template 370 is extracted and then, finally, a cancelable distortion 
transformation 380 is used to construct a distorted template 390. 

We refer to both approaches as cancelable biometrics because, from the application
viewpoint, it makes no difference how the cancelability is introduced. The important point in both
implementations is that different distortions can be chosen for different people, or for the same
person at different times. Furthermore, it is important that these distortions are reproducible so
that a similar result is obtained each time the biometrics signal from the same person is processed.
In the discussion to follow, various methods 380 are described for obtaining suitably distorted
biometric signals and distorted biometric templates.

Figure 4 gives an example of a cancelable distortion of a speech signal or voice print. The
speech signal is a function s(t) of time t. At any time 410, s(t') is composed of a number of
frequencies f that can be computed using prior art techniques such as a short-time Fourier
transform (STFT) of the speech signal. That is, at any time t', there is a distribution d(f) 425 of
frequencies. This distribution can be denoted D(f, t') with t' fixed. Letting t' vary, the speech
signal can then be characterized as a two-dimensional function D(f, t) 420 of frequency and time,
where D(f, t) gives the amplitude of frequency f at time t. We assume that the structure of the
underlying voice print D(f, t) is the same or similar for enrollment and authentication of a subject.
Such a signal can be transformed by transforming each one-dimensional frequency
distribution function D(f, t') 425 in some fashion. In Figure 4, this transformation is the
same for each instant of time t' 410. The transformation is accomplished by partitioning the
frequency axis 440 into a number of intervals, 430, 432, 438. The frequency content of each of
these intervals is then mapped into a different partitioning 450, 452, ..., 458 along axis 460. This
axis represents transformed frequencies f' 445. For interval 450, the instantaneous transformed
frequency distribution function d'(f') 475 is equal to d(h(f)). That is, the interval mapping function
f' = h(f) is applied to d(f) 425, the original frequency distribution function. Hence, for each instant
of time t' the signal D(f, t') in 430 is mapped into a new signal D'(f', t') in 450. This is done by
mapping the frequency content D(f, t') in interval 432 into interval 452 in D'(f', t') and so on.
Thus, in this example the frequency axis is non-linearly stretched.

The resultant voice print D'(f', t) 470 is a cancelable transformation of the original voice
print D(f, t) 420. It is cancelable because a different stretching of the various frequency bins can
be applied. The resultant speech D'(f', t) will not sound like the original speech D(f, t) of the
person who is to be recognized. However, if the person enrolls in the system with distorted voice
print D'(f', t), the system should be able to recognize the person based on a submitted voice print
provided it is distorted in the same way as the enrollment samples. Note that only the distorted
voice print is available to the recognition engine, not the original D(f, t). This enhances privacy.
Furthermore, if the transformation h(f) is compromised, a new transformation g(f) similar to h(f)
can be assigned to the person (the person would have to re-enroll, however).

Figure 5 shows another example of a cancelable distortion transformation of a voice
biometric where, this time, frequency content is remapped in the time domain rather than in the
frequency domain. Again, the voice print D(f, t) 420 describes the frequency content of the signal
at any time 405 (t) as a function of frequency 415 (f). Again, it is assumed that the voice print
D(f, t) is the same or similar for enrollment and authentication of a subject. Hence, the voice print is
some pass phrase or sentence that starts at time t = 0, 510. In this example, it is the time domain
which is partitioned in a number of intervals, 530, 532, 534, 536, ... The transformed voice print
D'(f, t') 520 as a function of t' 530 is then constructed by mapping the frequency content in each
time interval of D(f, t) into some time interval of D'(f, t') according to a selected permutation of
the intervals. Here the content of D(f, t) can either be played forward 'F' 540, or in reverse 'R'
545. In Figure 5, interval 532 of D(f, t) is mapped 550 to interval 532 of D'(f, t') and reversed,
while interval 534 of D(f, t) is mapped 560 into interval 538 of D'(f, t') in the forward fashion.
The result is that the pass phrase D'(f, t') is scrambled in such a fashion that the identity of the
subject cannot be determined by humans or automated voice recognition systems based solely on
the non-scrambled D(f, t). This intentionally distorted biometric could be canceled by specifying a
different permutation of time bins for the user (again, the user would have to re-enroll).

Figure 6 is an example of a cancelable distortion transformation of a fingerprint biometric
where the fingerprint image is transformed in the spatial domain. A fingerprint intensity image 600
can be considered a function of x (620) and y (610), namely I(x, y). The image is defined on a
finite square or rectangle 600. The cancelable fingerprint biometric signal is defined on a similar
square or rectangle 645. To construct this cancelable distortion transformation of I(x, y), the
image domain is divided into smaller rectangles 601, 602, 603, 604, 605, ..., 609. Similarly, the
cancelable image domain is divided into similar rectangles 631, 632, 633, 634, 635, ..., 639. The
rectangles of the cancelable image are then filled with a permutation of the rectangles 601, 602,
603, 604, 605, ..., 609 of I(x, y). For example, rectangle 601 of 600 is mapped into rectangle
648 of 645 as indicated by arrow 630, and rectangle 602 of 600 is mapped into rectangle 639 of
645 as indicated by arrow 640. Optionally, the rectangles can also be rotated by 90, 180 or 270
degrees.

Distorting the fingerprint image function I(x, y) as described introduces many
discontinuities in the image at the boundaries of the rectangles. These may well be interpreted as
ridge endings and hence will tend to introduce artificial features. Therefore, rather than
transforming the image itself, the features (minutiae) such as 690 and 692 extracted from the image
function could be transformed instead. Figure 8 shows the basic idea. The rectangles containing
the features are translated and rotated according to some permutation between the rectangles in
the original image 800 and the rectangles in 860. Such a permutation or scrambling does not
generate any spurious artifacts.

Another way to avoid discontinuities and make the fingerprint still look somewhat like a
normal fingerprint is to apply a morph rather than a scramble to the image. One could lay down a
polar coordinate grid on the finger similar to that used for the iris in Figures 10A and 10B. The
grid would be constructed so it was centered at the "core" point 684 (see Figure 6A) of the
finger, and had the line of zero degrees pass through the "delta" point 686. The intersections of
the radial lines and the circumferential rings would then be individually perturbed to remap the
image portion associated with the corresponding sector. The resultant cancelable fingerprint
image then will still look like a fingerprint image, in that it has properties of fingerprint images
such as continuous ridge flows and structures around some center point like the core 684. Hence,
cancelable fingerprints can be enrolled along with non-transformed fingerprints in the same legacy
authentication systems.

Figure 6A illustrates the process of registering the enrolled fingerprint image E and
authentication fingerprint image A. This needs to be done somehow every time the distortion
transformation is applied during authentication or else the result will not be similar to the distorted
biometric saved during enrollment. For voice prints this was not a problem because both
frequency and time are absolute dimensions, with well-defined origins and scales.

For fingerprints the problem is to register authentication image A(x', y') 650 with image
E(x, y) 680 that was used for enrollment. That is, the ridge and valley pattern 654 embedded in
coordinate system 652 has to be registered as well as possible with pattern 678 embedded in
coordinate system 675. In general, a rigid linear mapping from points (x', y') to points (x, y) needs
to be found. This can be achieved as a two-step process by first finding a translation T 656
followed by a rotation R 666. The translation T maps the pattern 654 in A(x', y') 650 from
coordinate system 652 into A(x'', y'') 660 in coordinate system 662. Let (x', y')^T = X' and
similarly (x'', y'')^T = X'', then X' = X'' + T where T is the translation vector. The rotation R 666
(or possibly skew S 668) further maps the translated pattern in A(x'', y'') 660 from coordinate
system 662 to A(x, y) 670 in coordinate system 675. Again, letting (x'', y'')^T = X'' and (x, y)^T = X,
we can write X = R X'' where R is the rotation matrix. The result is pattern 674 in image 670
embedded in coordinate system 675. After these manipulations, the patterns 678 in the enrolled
image 680, and 674 in the aligned authentication image 670, are registered as well as possible.

One way to obtain the transformation between pattern 654 and 678 (see Figure 6A) is by
locating special points which appear in most fingerprint patterns. One can thus extract the "core"
681 and "delta" 682 from the fingerprint image, and then transform the image to put these in
some canonical position in enrollment image E(x, y) 680. In 680 this is achieved by forcing the
midpoint between the core and delta to be in the center of the image, and then rotating the whole
image so that the line containing the core and delta points is parallel to the y axis. For the
authentication image A(x', y') 650 the same procedure is used. That is, in the image 650 the core
684 and the delta 686 are extracted. The midpoint of the line segment connecting the core and
delta is translated with T 656 to the center 690 of the intermediate image A(x'', y'') 660. The line
segment is then rotated with rotation matrix R 666 to be parallel to the y axis 692.

This is just one possible method to achieve alignment. Other characteristic features of
fingerprint images, such as the center and orientation of the ellipse that bounds the fingertip
image, could be used to align the enrolled and presented fingerprint images. A similar method is to
use the first and second-order moments of the fingerprint images. These moments can be
interpreted as defining equivalent ellipses and can be used in the same fashion as above. Still
another method would be to save a private copy of the original enrollment image 650, then directly
align each authentication image 670 with it using some overall matching function before applying
the specified distortion to the authentication image. The private copy of the original enrollment
image might be stored in a device which remains in the possession of the user (such as a
smartcard) in order to guard against exposure of the user's actual biometric.
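
The core/delta registration described above, as an added Python sketch (not code from the patent). The function names, the 512 x 512 image with center (256, 256), the 64-pixel grid and the sample coordinates are assumptions made for the illustration; it shows that two placements of the same finger only land in the same grid cells, and so only receive the same distortion, after registration.

```python
import math


def register(points, core, delta, center=(256.0, 256.0)):
    """Return `points` in the canonical frame: core-delta midpoint at `center`,
    core->delta direction parallel to the +y axis."""
    mid_x = (core[0] + delta[0]) / 2.0
    mid_y = (core[1] + delta[1]) / 2.0
    # Translation T with X' = X'' + T, so X'' = X' - T.
    t_x, t_y = mid_x - center[0], mid_y - center[1]
    # Rotation R (about the image center) that turns the core->delta vector onto +y.
    v_x, v_y = delta[0] - core[0], delta[1] - core[1]
    theta = math.atan2(v_x, v_y)
    cos_t, sin_t = math.cos(theta), math.sin(theta)
    registered = []
    for x, y in points:
        dx, dy = x - t_x - center[0], y - t_y - center[1]
        registered.append((center[0] + dx * cos_t - dy * sin_t,
                           center[1] + dx * sin_t + dy * cos_t))
    return registered


def block_indices(points, block=64):
    """Grid cell of each point; block-based distortions are keyed on this."""
    return [(int(round(x)) // block, int(round(y)) // block) for x, y in points]


def present(points, angle_deg, shift):
    """Constructed input: the same finger placed on the sensor rotated and shifted."""
    a = math.radians(angle_deg)
    return [(x * math.cos(a) - y * math.sin(a) + shift[0],
             x * math.sin(a) + y * math.cos(a) + shift[1]) for x, y in points]


if __name__ == "__main__":
    # Constructed sample: core, delta, then three minutiae.
    finger = [(200, 180), (200, 300), (150, 200), (260, 310), (230, 120)]
    enrolled = register(finger, finger[0], finger[1])
    shown = present(finger, 25, (40, -15))
    aligned = register(shown, shown[0], shown[1])
    print("cells without registration:", block_indices(shown))
    print("cells after registration  :", block_indices(aligned))
    print("cells at enrollment       :", block_indices(enrolled))
```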

Figure 7 is an example of a cancelable distortion transformation of a face biometrics where
the face appearance is transformed in the spatial domain. The biometrics signal (a face image) is
shown in image F(x', y') 700, while the transformed cancelable biometrics (a morphed face
image) is shown in image FM(x, y) 710. The morphing transformation is denoted by M 705. The
original face image F(x', y') is defined in a coordinate system with axes x' 702 and y' 701. The
cancelable morphed face image FM(x, y) is defined in terms of a different coordinate system
consisting of x 620 and y 610. As indicated by the arrows 740, 742 and 744, each image point
FM(x, y) is mapped to some other point in F(x', y') = F(f(x, y), g(x, y)) using the coordinate change
functions f(x, y) and g(x, y), which can be quite complicated.

If there is no control over, or no knowledge of, the back-end face recognition engine, then
the morphed face image FM(x, y) 710 needs to look like a plausible face. This is because all face
recognition systems are designed with actual facial feature constraints in mind. So, unlike the
morphed face image shown in Figure 7, the morphed face should be symmetrical. That is, the
symmetry with respect to the axis 705 should be preserved. This restriction still allows things like
the height 709 of the face to be changed. The distance 715 between the eyes, and the nose
parameters 719 and 721 could also be changed directly. The hairline properties may be changed
by simply varying 725 or other overall properties of the hairline. The width of the face 711 could
also be changed if, for instance, the change varies according to some continuous function along
the axis of symmetry 705. Similarly, the size of the eyes 717 may be changed, typically provided
that both eyes end up the same size. The same applies to the ear parameters 727 and 729, and the
mouth parameters 731 and 733; they may be changed as long as approximate symmetry is
preserved. Note that these paired changes may be nonlinear, i.e., the ear width 727 may be
changed according to a continuous function along the ear height or vice versa.

As with the fingerprints, the enrolled face image E and authentication face image A need
to be registered somehow every time authentication is requested. Figure 7A shows the process of
registering the authentication face image A(x', y') 750 with the enrolled face image E(x, y) 780.
The basic idea is to adjust each of the images so it is in a known reference position and of some
standard size, and then compare these canonical views. Here the face pattern 754, which is
embedded in coordinate system 752, has to be registered as well as possible with face pattern 778,
which is in coordinate system 775. This can be achieved with a linear mapping from points (x', y')
to points (x, y). Again, as in Figure 6A, such a mapping can generally be broken down into a
translation T 755 followed by either a rotation R 766, a rotation and a scaling sR 767, or a
combined skewing S 768. The parameters of these transformations may be derived by first
detecting characteristic face features in the enrollment image E(x, y) 780. In this case, the eyes
782 and nose 784 are detected and registered. Then the enrolled face is put in some canonical form,
say by aligning the nose 784 with the y axis and translating the image so that the center of mass of
the eyes and nose are in the center of the image E(x, y) 780.

In the authentication face image A(x', y') 750, the same features 786 (eyes) and 788
(nose) are detected in face pattern 754. The center of mass 790 of these features is computed,
from which the translation T 755 can be derived as the vector connecting this point to the center
of the image 750. This translation T 755 maps the face 754 in A(x', y') 750 from coordinate
system 752 to A(x'', y'') 760 in coordinate system 762. This can be written in a more compact
mathematical form by letting (x', y')^T = X' and (x'', y'')^T = X'', then X' = X'' + T. In the next step,
the rotation R 766 or skew S 768 takes the translated face in A(x'', y'') 760 embedded in
coordinate system 762 and remaps it to A(x, y) 770 in coordinate system 775. To summarize, with
(x'', y'')^T = X'' and (x, y)^T = X, then X = R X''. The final result is face pattern 774 in image 770
which is embedded in coordinate system 775. The faces 778 and 774 in the enrolled image 780
and the aligned authentication image 770 are now registered as well as possible using just
rotation and translation. However, since a face may appear at different scale in different images,
the system may additionally need to scale face 774. In that case, the transformation is X = s R X''
using the scaled rotation transform sR 767. In case the view of the face in either the enrollment
image or the authentication image is not frontal, skew S 768 may be used to partially compensate
for this effect and map A(x'', y'') 760 to A(x, y) 770. Of course, different facial features from the
ones described may be used in the registration process.

An alternate way of obtaining registration transforms is by using a standard, commercially
available face recognition engine since these always somehow determine the pose of the face
pattern.



Figure 8 is a more general example of a cancelable distortion transformation of a point set
biometrics where the point set is transformed through a non-invertible transformation in the
spatial domain. These point features might be things like the minutiae (ridge endings and
bifurcations) in a fingerprint image. The spatial constellation of these points, as in block 800, is
a representation of the biometrics signal. As in Figure 6, the overall image 800 is divided into a
number of rectangles or squares. The rectangles in 800 that contain feature points are indicated by
810, 812, 814, 816, 818 and 820. The cancelable transformation T 850 maps the feature points
into transformed space 860. As with the original space 800, this space 860 is also divided up into
rectangles, such as 870, 872 and 874.

Unlike Figure 6, however, the transformation T 850 is not a strict permutation (in the
mathematical sense) of the blocks, but rather a scrambling. Some mappings are distinct: block 818
is mapped 852 onto block 872, block 816 is mapped onto block 878, block 810 is mapped onto
block 870 (both indicated by A); and block 814 is mapped onto block 876 (both indicated by C).
However, here both block 812 and block 820 are mapped onto block 874. For this reason, block
874 is labeled B, D to indicate it contains data from the blocks labeled B and D in 800. Because
multiple blocks from space 800 can be mapped into a single block of space 860, it is impossible to
reconstruct the original image 800 from the scrambled one 860. This is because it is impossible to
tell, in general, which original block or blocks the two points in block 874 came from. That
information has been lost.
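
The many-to-one block scrambling of Figure 8, as an added Python sketch rather than code from the patent. The 512-pixel image, the 4 x 4 grid, the restriction to 12 target blocks, the HMAC-based derivation of the scramble table and all function names are assumptions; the sample minutiae are constructed. It shows the three properties the text relies on: the distortion is repeatable, a new key yields a different template, and a distorted point maps back to more than one possible original position.

```python
import hashlib
import hmac

SIZE = 512        # assumed: square image, SIZE x SIZE pixels
GRID = 4          # assumed: 4 x 4 partition into blocks
BLOCK = SIZE // GRID
N_TARGETS = 12    # assumed: fewer target blocks than the 16 source blocks,
                  # so at least two source blocks must share a target


def derive_scramble(key: bytes) -> dict:
    """Repeatably derive {source block: (target block, quarter turns)} from a key."""
    table = {}
    for src in range(GRID * GRID):
        digest = hmac.new(key, b"block:%d" % src, hashlib.sha256).digest()
        table[src] = (digest[0] % N_TARGETS, digest[1] % 4)
    return table


def _rotate(dx: int, dy: int, turns: int):
    """Rotate an offset inside a block by `turns` quarter turns."""
    for _ in range(turns):
        dx, dy = BLOCK - 1 - dy, dx
    return dx, dy


def _block_of(x: int, y: int) -> int:
    return (y // BLOCK) * GRID + (x // BLOCK)


def _origin_of(block: int):
    return (block % GRID) * BLOCK, (block // GRID) * BLOCK


def distort(points, table):
    """Move every minutia with its block: translate to the target block and rotate."""
    out = []
    for x, y in points:
        target, turns = table[_block_of(x, y)]
        dx, dy = _rotate(x % BLOCK, y % BLOCK, turns)
        ox, oy = _origin_of(target)
        out.append((ox + dx, oy + dy))
    return sorted(out)


def candidate_origins(point, table):
    """Every original position consistent with one distorted point.

    More than one candidate means the source block cannot be determined,
    even by someone who holds the scramble table."""
    x, y = point
    target = _block_of(x, y)
    found = []
    for src, (tgt, turns) in table.items():
        if tgt == target:
            dx, dy = _rotate(x % BLOCK, y % BLOCK, (4 - turns) % 4)
            ox, oy = _origin_of(src)
            found.append((ox + dx, oy + dy))
    return found


if __name__ == "__main__":
    minutiae = [(30, 40), (200, 90), (300, 310), (450, 500), (130, 260)]  # constructed
    old = derive_scramble(b"user-42/distortion-1")
    new = derive_scramble(b"user-42/distortion-2")
    print("enrolled :", distort(minutiae, old))
    print("reissued :", distort(minutiae, new))
    for p in distort(minutiae, old):
        print(p, "<-", candidate_origins(p, old))
```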

Figure 9 is another example of a cancelable distortion transformation of either a point set
or image biometrics, where the point set or image is transformed through a non-invertible
morphing transformation. Again, the image or point-set space, represented by block 900, contains
some biometrics signal. The biometrics signal can be a continuous image defined in this space or it
can be a point-set representation of a biometrics. The block 900 is then divided up into rectangles
902, 904, ..., 906, ..., 908, each containing some portion of the biometrics signal. As an example,
rectangle 906 contains two feature points 920 and 925. The result of transformation 950 is the
block 910, which contains the cancelable (distorted) version of this biometrics. Block 910 is
divided up in a number of shapes 912, 914, ..., 916, 918. The number of shapes in 910 is equal
to the number of rectangles in 900. The transformation T 950 morphs the biometrics signal in 900
into 910. That is, each individual rectangle in 900 is mapped to a corresponding shape in 910. For
instance, rectangle 902 is mapped onto shape 912, rectangle 904 is mapped onto shape 914, 906
onto 916, 908 onto 918, and so on. The image 910 is then resampled at some fixed spatial
quantization (i.e. converted to discrete pixels). For such mapping (morphing) 950 which remains
within a similar sized square 910 as the original image 900, it is impossible to guarantee that each
point in 900 will map into a single distinguishable point in 910. This is illustrated by examining the
fate of points 920 and 925 in rectangle 906. These points are mapped 950 into a single point 930
in shape 916 due to the quantization of the resulting image 910. This means that the
transformation T 950 is non-invertible since there is no way after the fact to untangle these two
points. While the example has been cast in terms of deforming rectangular patches, areas 902,
904, 906, 908 can be arbitrary shapes that cover 900. Similarly, the shapes 912, 914,
916, 918 can be arbitrary. However, to apply this technique there needs to be a one-to-one
correspondence between the shapes in 900 and 910, as well as a principled way of spatially
mapping the contents of one shape into the interior of another.

Figure 10A is an example of a cancelable transformation of an iris biometrics where the
iris image (such as 140 in Figure 1) is transformed in the spatial domain using the angle of a polar
coordinate system. Here the original iris biometrics 1000 has pupil 1004 with the iris area being
the colored portion in the concentric ring 1002 around the iris. An angular morphing of the iris
may be achieved as follows. The iris area is divided into radial sectors of equal area, such as
segments 1000, 1012, 1014, 1016, 1018 and so on. The cancelable distortion transformation T
1005 is a new image 1020 of the eye which still looks like an eye. It is created by dividing the iris
area 1022 of image 1020 into a number of angular sectors, this time of unequal size. That is,
divisions such as 1030, 1032, 1034, 1036, 1038, etc. The number of angular sectors in 1000 and
1020 is the same. The transformation T 1005 then consists of mapping from each sector in 1000 to
the corresponding sector in 1020. That is, the portion of the iris image falling in sector 1010 is
mapped onto sector 1030, sector 1012 is mapped onto sector 1032, etc. for all sectors in 1000.
This mapping can generally be done by a simple linear stretching or shrinking of the original image
fragment, although monotonically increasing or decreasing functions of the angle also may be
used. In the case that the transformation is linear, circle 1008 will change into oval 1028. Notice
that this distortion creates a transformed image that continues to look like an eye. Note also that it
is easy to change the transformation 1005 by simply changing the size of the various sectors used
in resulting image 1020.

Figure 10B is another example of a cancelable distortion transformation for an iris image.
Here the image is again transformed in the spatial domain, but this time using the radius of a polar
coordinate system. As before, the original iris biometrics 1000 has pupil 1004 and iris area in the
concentric ring 1002 around the pupil. A radial morphing of the iris image may be achieved as
follows. As shown in Figure 10B, the iris area is divided into concentric rings of equal radius.
These radial rings are shown in the enlarged segment 1052 and labeled 1060, 1062, 1064, 1066,
1068. The cancelable transformation T 1055 is obtained by constructing a new image 1070 of an
eye. The iris area 1002 of this new image 1070 is also divided into radial rings, but now of
unequal radius as indicated in enlarged segment 1072 with the rings 1080, 1082, 1084, 1086 and
1088. The number of rings in 1050 and 1070 is the same. The transformation T 1055 of the iris
image function is a mapping from each ring in 1050 to the corresponding ring in 1070. That is,
ring 1060 is mapped (arrow 1090) onto ring 1080, ring 1062 is mapped onto ring 1082, ring
1064 is mapped (arrow 1092) onto ring 1084, 1066 onto 1086, and 1068 onto 1088. This
mapping can be done by simple linear stretching or shrinking of the radius for each ring pair.
Monotonically increasing or decreasing functions of the radius also may be used. In the case that
the transformation is linear, circle 1058 on Figure 10B will change into ellipse 1078.

The angular transformation as described in Figure 10A and the radial transformation of
Figure 10B can optionally be combined in a new composite transformation. If one defines the
polar coordinates with radius ρ and angle φ, then the combined transformation is a
two-dimensional transformation of ρ and φ. In this case, each ring segment in the original iris
biometrics is mapped into a ring segment of different radius ρ and angle φ. This is similar to the
morphing transformation discussed in relation to Figure 7, but using annular segments instead of
rectangles as the partitioning to be distorted.

No matter which of these methods is used to distort an iris image, once again it is necessary
to correctly register each image before transformation so that the distortions are repeatable. Such
registration is easily achieved by finding the centers of the pupil 1004 and some distinguishing
overall orientation, such as the line connecting the corners of the eye. The registration is
performed by moving the pupil center to the center of the image, and then rotating the image
around this center so that the line between eye corners is horizontal. The iris images can then be
expressed in polar coordinates ρ, φ with the center of the pupil at the origin.

Figure 11 is concerned with point set biometrics (such as fingerprint minutiae) and shows
another type of cancelable distortion transformation. In this case the point set is transformed
through a non-invertible transformation of one of the coordinates. Example point set 1100
consists of six points: 1102, 1104, 1106, 1108, 1110, 1112. These points are embedded in x, y
coordinate system 1120. The cancelable transformation, which is non-invertible, is defined as a
function F(y) = y' 1130 in the (y, y') coordinate system 1140. The transformation maps the
original y coordinate of each point in set 1100 to a new y' using F 1130. The x coordinate is not
changed. The original point set 1100 is thus mapped into the distorted point set 1150 in the
(x, y') coordinate system 1170. The transformed points are: 1152, 1154, 1156, 1168, 1160, 1162.
That is, point 1102 is mapped onto 1152, 1104 onto 1154, and so on. Mathematically, each point
(x, y) is mapped into (x, y') = (x, F(y)) where the function F(y) is non-invertible, meaning there
exists no function y = F^-1(y'). So, given a set of distorted points (x, y'), it is impossible to retrieve
the original points (x, y). This protects the privacy of the user's actual biometrics.



Figure 12 is another cancelable distortion transformation of a point set biometrics where
the point set is now transformed through non-invertible transformations of both coordinates.
Again, the point set lies in (x, y) coordinate system 1210. This point set is transformed through
two coordinate transformations into a set in the (x', y') coordinate system 1250. An example
mapping is given by point 1200, which is eventually mapped into 1290 in coordinate system 1250.
However, first, the y coordinates of the points are all transformed using function y' = F(y) 1269
in (y, y') coordinate system 1220. This is similar to the technique illustrated in Figure 11. The
result is a new set of points in the space spanned by coordinate system (x, y') 1230. Intermediate
point 1280, for example, comes from original point 1200. Next, the x coordinates of all the points
are transformed using the function x' = G(x) 1270 (defined over the (x, x') coordinate system
1240). For intermediate point 1280, this results in final point 1290 in (x', y') coordinate system
1250. In mathematical terms, the point (x, y) is mapped into (x, F(y)) = (x, y') 1292, and then the
point (x, y') is mapped to (G(x), y') = (x', y'). In general, this transformation results in a
scrambled set of points in (x', y') space from which the original set cannot be recovered. This is
true provided at least function F 1260 or function G 1270 is non-invertible. The purpose of using
multiple functions is to more thoroughly distort the original biometric so that even the
distributional statistics of the points are significantly altered.

Figure 13 is yet another cancelable distortion transformation of a point set representing
the features from a biometrics signal. But in this case, randomly generated offsets are added to the
x and y coordinates of the original feature set to remap the range of the x and y coordinates of the
present set to a larger space. For example, the original range of the coordinate space for the point
set 1300 in Figure 13 is [511, 511]. That is, x can range from a value of 0 up to a maximum of
511. After the transform, the range has been mapped to [1023, 1023] as shown in 1360. The
points in the original feature set marked as 1310-1320 are mapped randomly (but repeatably) to
the points shown in 1360. This might be done in a consistent way by associating a particular
random offset with each subblock in original space 1300. Mapping all the contents of a block in
the same way helps to preserve the local structure of the biometrics signal. But, note that due to
randomness in the offsets, we may have several points in the original set which are mapped to the
same point in the resulting set (such as the points A and B in 1360). This means the distortion is
non-invertible, as discussed in relation to Figure 8. The main advantage of this transform is that in
the larger space, brute force attacks on the template are much harder.

The use of an intentionally distorted biometric is depicted in Figure 14. This example
shows how a distorted biometric is acquired and then used in a transaction processing system.
Figure 14A shows the enrollment process. First, a particular distortion transformation is chosen
1470 for the user and stored in a database 1400. An external agency could supply some randomly
generated distortion, or the user could type something like a password which would be hashed to
generate an index by which a distortion would be selected. The ID-to-distortion database 1400
could be a remote computer connected to a network or, for greater privacy, a smartcard retained
by the user. The system then acquires 1480 one or more samples of the biometric signal from the
user, applies the specified distortion 1490, and stores the distorted signals (or some statistical
digest of them) in a second database 1460. This completes the enrollment process.

As shown in Figure 14B, a similar process is used during transaction authentication. First,
in step 1410 the user supplies his alleged identification to the system. The system uses this to
look up the appropriate distortion 1420 from database 1400. It then acquires a biometric signal
1430 and applies the specified distortion 1440. If database 1400 is a smartcard, then the client
machine (such as an ATM) can look up and apply the distortion locally without consulting a
remote server. This makes the process more efficient (less network traffic). It also guarantees that
the specific details of the distortion are never broadcast over the network in any form, and that the
server never has direct access to them. Finally, in step 1450 the transaction authority compares
the submitted distorted biometrics with the reference distorted biometrics from database
1460. If the two match reasonably well, the transaction is authorized. Otherwise, the transaction is
rejected and possibly logged for follow-up.
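
The enrollment and authentication flow of Figures 14A and 14B, combined with the per-subblock random offsets of Figure 13, as an added Python sketch (not code from the patent). The class and function names, the PBKDF2 and SHA-256 derivations, the 64-pixel subblocks, the matching tolerance and threshold, and the sample point sets are all assumptions made for the illustration.

```python
import hashlib

BLOCK = 64          # assumed subblock size in the original 0..511 coordinate space
MAX_OFFSET = 512    # offsets 0..512 move coordinates 0..511 into 0..1023


def select_distortion(user_id: str, passphrase: str) -> bytes:
    """Hash what the user types into a distortion selector (step 1470)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), user_id.encode(), 100_000)


def block_offset(selector: bytes, bx: int, by: int):
    """Repeatable pseudo-random offset attached to one subblock."""
    d = hashlib.sha256(selector + bytes([bx, by])).digest()
    return (int.from_bytes(d[0:2], "big") % (MAX_OFFSET + 1),
            int.from_bytes(d[2:4], "big") % (MAX_OFFSET + 1))


def apply_offsets(points, selector: bytes):
    """Figure 13: shift every point by the offset of the subblock it lies in."""
    out = []
    for x, y in points:
        ox, oy = block_offset(selector, x // BLOCK, y // BLOCK)
        out.append((x + ox, y + oy))
    return out


def matches(probe, reference, tol=4, threshold=0.8) -> bool:
    """True if enough probe points have a reference point within `tol` pixels."""
    hits = sum(any(abs(px - rx) <= tol and abs(py - ry) <= tol for rx, ry in reference)
               for px, py in probe)
    return bool(probe) and hits / len(probe) >= threshold


class TransactionSystem:
    def __init__(self):
        self.distortion_db = {}   # database 1400; could instead be the user's smartcard
        self.template_db = {}     # database 1460; holds distorted references only

    def enroll(self, user_id, passphrase, sample):
        selector = select_distortion(user_id, passphrase)            # 1470
        self.distortion_db[user_id] = selector
        self.template_db[user_id] = apply_offsets(sample, selector)  # 1480, 1490

    def authenticate(self, user_id, sample) -> bool:
        selector = self.distortion_db.get(user_id)                   # 1410, 1420
        if selector is None:
            return False
        distorted = apply_offsets(sample, selector)                  # 1430, 1440
        return matches(distorted, self.template_db[user_id])         # 1450

    def cancel_and_reenroll(self, user_id, new_passphrase, sample):
        """Replace a compromised distortion; the user has to re-enroll."""
        self.enroll(user_id, new_passphrase, sample)


if __name__ == "__main__":
    finger = [(100, 120), (230, 75), (310, 340), (405, 210), (150, 420), (480, 470)]  # constructed
    noisy = [(x + 2, y - 1) for x, y in finger]   # same finger, small sensing noise
    system = TransactionSystem()
    system.enroll("alice", "first passphrase", finger)
    leaked = list(system.template_db["alice"])
    print("genuine accepted:", system.authenticate("alice", noisy))
    system.cancel_and_reenroll("alice", "second passphrase", finger)
    print("old template still matches:", matches(leaked, system.template_db["alice"]))
    print("genuine accepted after re-enrollment:", system.authenticate("alice", noisy))
```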



Other embodiments, used as business methods, are more fully described and claimed in
U.S. Patent application number xxx, filed on the same day as this disclosure, and entitled
BUSINESS SYSTEM AND METHOD USING A DISTORTED BIOMETRICS, to Bolle et
al., which is herein incorporated by reference in its entirety.

CLAIMS



We claim: 

1. A computer system comprising one or more central processing units and one or more
memories, the system further comprising:

one or more sensors that sense one or more characteristics of a user and converts the
characteristics into a first digital representation that is stored in one or more of the memories, the
first digital representation having one or more subcharacteristics, the subcharacteristics being
invariant over time, insensitive to common sensing artifacts, and capable of being repeatably
extracted;

a distortion process that selectably distorts the first digital representation into a distorted digital
representation by distorting at least one of the subcharacteristics, the distortion process being
repeatable; and

a comparison process that compares one or more sets of the distorted subcharacteristics to one or
more stored sets of distorted subcharacteristics to determine the identity of the user.

2. A system, as in claim 1, where the characteristics include any one or more of the following: a
fingerprint, a face, a hand, an iris of an eye, a pattern of subdermal blood vessels, a spoken phrase,
and a signature.

3. A system, as in claim 1, where the subcharacteristics include any one or more of the following:
a complete biometric, a partial biometric, a feature, a feature position, a feature property, a
relation between two or more features, a subregion of an image.

4. A system, as in claim 1, where the distortion is non-invertible. 

5. A system, as in claim 4, where the distortion is applied to a orthogonal Cartesian grid
partitioning of the first digital representation.

6. A system, as in claim 4, where the distortion is applied to a circular polar-coordinate grid
partitioning of the first digital representation.

7. A system, as in claim 4, where the distortion process is a geometric distortion of the first
digital representation.

8. A system, as in claim 4, where the distortion process is a block scrambling of the first digital 
representation. 

9. A system, as in claim 1, where the first digital representation is quantized at a particular level. 



10. A system, as in claim 9, where the distorted digital representation has a larger range relative 
to the range of the first digital representation. 
11. A system, as in claim 4, where the distortion process is applied within a canonical reference 
frame associated with the first digital representation. 

12. A system, as in claim 11, where the characteristic being sensed is a fingerprint and the 
canonical reference frame is defined with its origin at the position of the core point and with one 
axis passing through the position of the delta point. 

13. A system, as in claim 11, where the characteristic being sensed is a face and the canonical 
reference frame is defined with its origin at the position of one eye and with one axis passing 
through the position of the other eye. 

14. A system, as in claim 11, where a previously stored representation is aligned with the current 
representation, the parameters of the alignment being used to derive a canonical reference frame. 

15. A system, as in claim 1, where the comparison process provides either a unique recognition 
ID for the user corresponding to one of the people enrolled in the database or a non-recognition 
indication. 

16. A system, as in claim 1, where the matching process takes as an additional input the proposed 
ID of the user and verifies this identity by returning a yes or no answer. 
17. A system, as in claim 1, where the second digital representation is discarded and replaced by 
a new second digital representation distorted by a new distorted process. 

18. A system, as in claim 17, where the new second digital representation replaces the second 
digital representation in one or more of the following circumstances: a passage of time, invalid 
access attempts, a customer request, a second user request, a physical user request. 

19. A system, as in claim 1, where the sets of the distorted subcharacteristics correspond to one 
or more of the following: one or more minutiae in a fingerprint, a location of eyes, nose, and 
mouth in a face, a phase and contrast of optical texture in an iris, a set of formant frequencies and 
their time derivatives in a speech signal, and one or more joint lengths and widths in a hand. 

20. A system, as in claim 1, where the distortion process is a geometric distortion of the first 
digital representation. 

21. A system, as in claim 1, where the distortion process is a block scrambling of the first digital 
representation. 

22. A method for generating a biometric comprising the steps of: 

selectably distorting a first digital representation of one or more biometrics into a distorted digital 
representation by distorting at least one subcharacteristic of the biometric, the distortion process 
being repeatable; and 
comparing one or more sets of the distorted subcharacteristics to one or more stored sets of 
distorted subcharacteristics, distorted by the distortion process, to determine the identity of a 
user. 

23. A system for generating a biometric comprising: 

means for selectably distorting a first digital representation of one or more biometrics into a 
distorted digital representation by distorting at least one subcharacteristic of the biometric, the 
distortion process being repeatable; and 

means for comparing one or more sets of the distorted subcharacteristics to one or more stored 
sets of distorted subcharacteristics, distorted by the distortion process, to determine the identity of 
a user. 

24. A computer program product that executes the following steps: 

selectably distorting a first digital representation of one or more biometrics into a distorted digital 
representation by distorting at least one subcharacteristic of the biometric, the distortion process 
being repeatable; and 
comparing one or more sets of the distorted subcharacteristics to one or more stored sets of 
distorted subcharacteristics, distorted by the distortion process, to determine the identity of a 
user. 






YOR9-2000-0382 



SYSTEM AND METHOD FOR DISTORTING A BIOMETRIC FOR TRANSACTIONS 
WITH ENHANCED SECURITY AND PRIVACY 

ABSTRACT 

Authentication methods are very important in several applications. Existing methods of 
authentication based on possessions or knowledge have several problems that can be overcome by 
using biometrics. Unfortunately, biometrics-based authentication is unrevocable today and has 
many privacy concerns in users' minds. The proposed technique employs signal scrambling and 
morphing techniques to intentionally distort the original biometrics signal in a non-invertible 
fashion. If the security is compromised, the system can cancel a particular distortion and reacquire 
the signal with a new distortion function. This provides functionality as good as non-biometric 
authentication methods in terms of their power of revocation. 
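
As an added illustration of the repeatable, non-invertible, cancelable distortion summarized in the abstract and in claims 4, 5 and 8 (this code is not from the patent): a keyed many-to-one block scrambling of minutia positions on a Cartesian grid, with matching done only in the distorted domain. The grid size, the HMAC-derived block table, the tolerance matcher, the keys and the sample points are all assumptions constructed for the example.

```python
import hashlib
import hmac

GRID, CELL = 4, 64            # assumed: 4x4 Cartesian grid over a 256x256 canonical frame
TARGETS = GRID * GRID // 2    # fewer target blocks than source blocks => many-to-one

def block_map(key: bytes) -> list[int]:
    """Repeatable keyed table: source block index -> target block index."""
    return [hmac.new(key, bytes([b]), hashlib.sha256).digest()[0] % TARGETS
            for b in range(GRID * GRID)]

def distort(minutiae, key: bytes) -> frozenset:
    """Block-scramble (x, y) minutia positions; offsets inside a block are kept."""
    table = block_map(key)
    out = set()
    for x, y in minutiae:
        src = (y // CELL) * GRID + (x // CELL)
        dst = table[src]
        out.add(((dst % GRID) * CELL + x % CELL, (dst // GRID) * CELL + y % CELL))
    return frozenset(out)

def match(probe, stored, tol: int = 4) -> float:
    """Fraction of probe points that have a stored point within tol pixels."""
    if not probe:
        return 0.0
    hits = sum(any(abs(px - sx) <= tol and abs(py - sy) <= tol for sx, sy in stored)
               for px, py in probe)
    return hits / len(probe)

# Constructed sample minutiae, each well inside its grid cell.
ENROL = [(30, 30), (100, 40), (160, 90), (220, 150), (40, 200), (110, 230)]
FRESH = [(x + 2, y - 1) for x, y in ENROL]      # same finger, small sensing jitter

if __name__ == "__main__":
    key_v1, key_v2 = b"constructed-key-v1", b"constructed-key-v2"
    stored = distort(ENROL, key_v1)             # only the distorted template is stored
    print("same distortion:", match(distort(FRESH, key_v1), stored))
    print("old template vs. reissued distortion:",
          match(distort(FRESH, key_v2), stored))
    print("distinct target blocks:", len(set(block_map(key_v1))), "of", GRID * GRID)
```

Because sixteen source blocks collapse onto at most eight target blocks, a stored template does not determine the original minutia positions, and reissuing under a new key yields a template the old one no longer matches.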